Security Incident Recovery

This is an instruction-only incident-recovery playbook; its requirements, instructions, and lack of installs/credentials are consistent with the claimed purpose.

This skill is an instruction-only incident recovery playbook and appears internally consistent. Before using it in a live incident: (1) review the full SKILL.md to ensure recommended actions match your environment and compliance needs, (2) do not treat it as a replacement for experienced incident responders—operational steps like isolation and rebuilds can cause data loss if done incorrectly, (3) verify any external tools or vendors the playbook suggests with your security team, and (4) note the dependency on a separate 'security-incident-command' process/skill — ensure that investigative controls and legal considerations (preservation of evidence) are in place before executing remediation steps.